Windows Analysis Report
Daiichi-sankyo Enrollment Employee Benefit.pdf

Overview

General Information

Sample name: Daiichi-sankyo Enrollment Employee Benefit.pdf
Analysis ID: 1428827
MD5: cc5b2453ffaa0d1a1fbc2a0afa76e63b
SHA1: 1f82928adb3cd21e425f0faac234e4af2c5a4084
SHA256: d1e64d165ace7847fc6348a3937aa5f8343eecfdc3964f001e0a3d5ceee5edb6
Infos:

Detection

HtmlDropper, HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Html Dropper
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Phishing site or detected (based on various text indicators)
Suspicious PDF detected (based on various text indicators)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
IP address seen in connection with other malware
Invalid 'sign-in options' or 'sign-up' link found
JA3 SSL client fingerprint seen in connection with other malware
Phishing site detected (based on OCR NLP Model)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Phishing
barindex
Yara detected HtmlPhish10
Source: Yara match File source: 2.8.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc Matcher: Template: microsoft matched
Phishing site or detected (based on various text indicators)
Source: Chrome DOM: 1.2 OCR Text: : Verifying... CLOUDFLARE Microsoft
Suspicious PDF detected (based on various text indicators)
Source: Adobe Acrobat PDF OCR Text: Accounting/Payroll Department shared a PDF DOC VIA QR CODE Daiichi-sankyoHR19/04.14.pdf. SCAN BARCODE TO VIEW DOCUMENT O tim.ellmers@daiichi-sankyo.eu Daiichi-Sankyo Complete with DocuSign: Daiichi-sankyoHR19/04.14.pdf. Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.
HTML body contains low number of good links
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: Number of links: 0
HTML page contains hidden URLs or javascript code
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal
HTML title does not match URL
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: Title: 707caeeca9bc306d0b32942af2aa5d896622897d3559a does not match URL
Invalid 'sign-in options' or 'sign-up' link found
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: Invalid link: get a new Microsoft account
Phishing site detected (based on OCR NLP Model)
Source: Adobe Acrobat PDF ML Model on OCR Text: Matched 99.0% probability on "Accounting/Payroll Department shared a PDF DOC VIA QR CODE Daiichi-sankyoHR19/04.14.pdf. SCAN BARCODE TO VIEW DOCUMENT O tim.ellmers@daiichi-sankyo.eu Daiichi-Sankyo Complete with DocuSign: Daiichi-sankyoHR19/04.14.pdf. Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others. "
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP Parser: No favicon
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: No favicon
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: No <meta name="author".. found
Source: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP Parser: No <meta name="copyright".. found
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49749 version: TLS 1.0
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49753 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 104.17.2.184 104.17.2.184
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49749 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/style.css HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da
Source: global traffic HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ogu60/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dcefd6b1f456b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ogu60/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ogu60/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dcf098b47674b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/456223059:1713535937:oBUKpgYqVFGPpoGO8IZLKMstZiz-5SDizo-IXSig_p4/876dcf098b47674b/0faa9bcb52a3587 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876dcf098b47674b/1713539296236/fMQLotTMd0s1BsZ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876dcf098b47674b/1713539296236/fMQLotTMd0s1BsZ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/876dcf098b47674b/1713539296236/d077f5541ae8607dc99f4fa3c069ac7cbcf54eb65048249bc64d5cbd7e0a61ee/Hs44xINdXZdOoTI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/456223059:1713535937:oBUKpgYqVFGPpoGO8IZLKMstZiz-5SDizo-IXSig_p4/876dcf098b47674b/0faa9bcb52a3587 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cMrVUzzHVgn+sv1&MD=zHZbgdsY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cMrVUzzHVgn+sv1&MD=zHZbgdsY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dd227cb467ba2 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1223683563:1713535988:zNc8BrwVOnTudJ76RDKyxQ536s-ec_SOgZ1Wff_9wCY/876dd227cb467ba2/f9fa31d20682394 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/876dd227cb467ba2/1713539422980/4ea7fd2a956c5048a930546a443b9c7c24f123e986f1b0168ca030ea769c0130/7I9fhAYzHGADAXo HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876dd227cb467ba2/1713539422982/yFvaVB2g636-4Yo HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876dd227cb467ba2/1713539422982/yFvaVB2g636-4Yo HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1223683563:1713535988:zNc8BrwVOnTudJ76RDKyxQ536s-ec_SOgZ1Wff_9wCY/876dd227cb467ba2/f9fa31d20682394 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1223683563:1713535988:zNc8BrwVOnTudJ76RDKyxQ536s-ec_SOgZ1Wff_9wCY/876dd227cb467ba2/f9fa31d20682394 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/876dd227cb467ba2 HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /CAPQTdXazduWWJmOGRMQlNS HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://cce-signviadocs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /boot/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b5b HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /jq/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b58 HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /js/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b5c HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /APP-e8fe38f51de39c86ce2e821d0a5b4b766622897f33229/e8fe38f51de39c86ce2e821d0a5b4b766622897f3322a HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /o/e8fe38f51de39c86ce2e821d0a5b4b766622897f332f9 HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /x/e8fe38f51de39c86ce2e821d0a5b4b766622897f3322f HTTP/1.1Host: cce-signviadocs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /o/e8fe38f51de39c86ce2e821d0a5b4b766622897f332f9 HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: global traffic HTTP traffic detected: GET /x/e8fe38f51de39c86ce2e821d0a5b4b766622897f3322f HTTP/1.1Host: cce-signviadocs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64f9f0997ba8f25470f8f2c8d57c28da; cf_clearance=TxwWyENXBNxLxAoP243PVHDUc3pxYjG4w8Y.atYUMKw-1713539451-1.0.1.1-6DPqZrmLAAZp5Be64C9ND3n8YCS5Qp.AMQbrzSbaQHUCK7EkkimEMGjDx0SG0SIPpItPNyM3rHdmBcaHXDZOMA
Source: unknown DNS traffic detected: queries for: cce-signviadocs.com
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/792408913:1713535996:x9y6wPNervpWVfZAXRJzEV25alUZv2h6JxH_2n6yyM8/876dcefd6b1f456b/c3c565dd08e39a9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2624sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: c3c565dd08e39a9sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ogu60/0x4AAAAAAAXlzGo6orctdP7m/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 15:10:55 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2KSoUtWDMFXRebNVoigZblbFP6x1v1BByPaVzRpHklgaRIYK4YCte1fc3XnkVgycYbPJPuL%2BUpb3iEl5eAQGKdn4zbOPxeiPsA%2FOchKNguoyxCXc0gaja9DYBOTHwmzthEeNpuhl"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 876dd2f9fbc612db-ATLalt-svc: h3=":443"; ma=86400
Source: chromecache_201.6.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_201.6.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_201.6.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: classification engine Classification label: mal72.phis.troj.winPDF@30/93@20/9
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 17-08-06-262.log Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Daiichi-sankyo Enrollment Employee Benefit.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,12208739452210900171,7377553342865857032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cce-signviadocs.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2356,i,10481889836188868553,946926718042027499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,12208739452210900171,7377553342865857032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2356,i,10481889836188868553,946926718042027499,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Daiichi-sankyo Enrollment Employee Benefit.pdf Initial sample: PDF keyword /JS count = 0
Source: Daiichi-sankyo Enrollment Employee Benefit.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Daiichi-sankyo Enrollment Employee Benefit.pdf Initial sample: PDF keyword /EmbeddedFile count = 0

Data Obfuscation
barindex
Yara detected Html Dropper
Source: Yara match File source: 2.8.pages.csv, type: HTML
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1428827 Sample: Daiichi-sankyo Enrollment E... Startdate: 19/04/2024 Architecture: WINDOWS Score: 72 32 Yara detected Html Dropper 2->32 34 Yara detected HtmlPhish10 2->34 36 Suspicious PDF detected (based on various text indicators) 2->36 38 3 other signatures 2->38 7 chrome.exe 9 2->7         started        10 Acrobat.exe 20 64 2->10         started        process3 dnsIp4 22 192.168.2.5, 443, 49703, 49708 unknown unknown 7->22 24 239.255.255.250 unknown Reserved 7->24 12 chrome.exe 7->12         started        15 AcroCEF.exe 104 10->15         started        process5 dnsIp6 26 www.google.com 142.250.105.99, 443, 49729, 49755 GOOGLEUS United States 12->26 28 a.nel.cloudflare.com 35.190.80.1, 443, 49774, 49778 GOOGLEUS United States 12->28 30 4 other IPs or domains 12->30 17 AcroCEF.exe 4 15->17         started        process7 dnsIp8 20 184.31.48.185, 443, 49740 AKAMAI-ASUS United States 17->20
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.105.99
 www.google.com United States
15169 GOOGLEUS false
184.31.48.185
 unknown United States
16625 AKAMAI-ASUS false
104.17.3.184
 unknown United States
13335 CLOUDFLARENETUS false
151.101.2.137
 code.jquery.com United States
54113 FASTLYUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.21.39.39
 cce-signviadocs.com United States
13335 CLOUDFLARENETUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
104.17.2.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.5

Contacted Domains

Name IP Active
cce-signviadocs.com 104.21.39.39 true
a.nel.cloudflare.com 35.190.80.1 true
code.jquery.com 151.101.2.137 true
challenges.cloudflare.com 104.17.2.184 true
www.google.com 142.250.105.99 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://cce-signviadocs.com/jq/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b58 false
    		unknown
    https://cce-signviadocs.com/ false
      		unknown
      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876dcf098b47674b/1713539296236/d077f5541ae8607dc99f4fa3c069ac7cbcf54eb65048249bc64d5cbd7e0a61ee/Hs44xINdXZdOoTI false
        		high
        https://cce-signviadocs.com/boot/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b5b false
          		unknown
          https://cce-signviadocs.com/1 false
            		unknown
            https://code.jquery.com/jquery-3.6.0.min.js false
              		high
              https://cce-signviadocs.com/ASSETS/img/sig-op.svg false
                		unknown
                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/456223059:1713535937:oBUKpgYqVFGPpoGO8IZLKMstZiz-5SDizo-IXSig_p4/876dcf098b47674b/0faa9bcb52a3587 false
                  		high
                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ogu60/0x4AAAAAAAXlzGo6orctdP7m/auto/normal false
                    		high
                    https://cce-signviadocs.com/captcha/logo.svg false
                      		unknown
                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876dd227cb467ba2/1713539422980/4ea7fd2a956c5048a930546a443b9c7c24f123e986f1b0168ca030ea769c0130/7I9fhAYzHGADAXo false
                        		high
                        https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876dd227cb467ba2/1713539422982/yFvaVB2g636-4Yo false
                          		high
                          https://cce-signviadocs.com/o/e8fe38f51de39c86ce2e821d0a5b4b766622897f332f9 false
                            		unknown
                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/z0pm4/0x4AAAAAAAXlzGo6orctdP7m/auto/normal false
                              		high
                              https://cce-signviadocs.com/CAPQTdXazduWWJmOGRMQlNS false
                                		unknown
                                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/792408913:1713535996:x9y6wPNervpWVfZAXRJzEV25alUZv2h6JxH_2n6yyM8/876dcefd6b1f456b/c3c565dd08e39a9 false
                                  		high
                                  https://cce-signviadocs.com/js/e8fe38f51de39c86ce2e821d0a5b4b766622897d85b5c false
                                    		unknown
                                    https://cce-signviadocs.com/d740c10c7b9cf800d441f265844201e16622897d355dbLOGd740c10c7b9cf800d441f265844201e16622897d355dc true
                                      		unknown
                                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dd227cb467ba2 false
                                        		high
                                        https://cce-signviadocs.com/APP-e8fe38f51de39c86ce2e821d0a5b4b766622897f33229/e8fe38f51de39c86ce2e821d0a5b4b766622897f3322a false
                                          		unknown
                                          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dcf098b47674b false
                                            		high
                                            https://cce-signviadocs.com/favicon.ico false
                                              		unknown
                                              https://cce-signviadocs.com/ASSETS/img/m_.svg false
                                                		unknown
                                                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876dcf098b47674b/1713539296236/fMQLotTMd0s1BsZ false
                                                  		high
                                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
                                                    		high
                                                    https://cce-signviadocs.com/x/e8fe38f51de39c86ce2e821d0a5b4b766622897f3322f false
                                                      		unknown
                                                      https://cce-signviadocs.com/cdn-cgi/challenge-platform/h/b/rc/876dd227cb467ba2 false
                                                        		unknown
                                                        https://a.nel.cloudflare.com/report/v4?s=4oMPjjHiLu0y%2BDD7VGWajrX1npACnHc1rbrxk2tUG1xhdrjcUZe3JFxIAr3IymQRA811BDQw8kKhntkkeO5fAEsp7rjebOyhVSd%2FxHi5wdwPJUGd5Bnl6OvBRB1Llq6qe%2F6VYpUl false
                                                          		high
                                                          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1223683563:1713535988:zNc8BrwVOnTudJ76RDKyxQ536s-ec_SOgZ1Wff_9wCY/876dd227cb467ba2/f9fa31d20682394 false
                                                            		high
                                                            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876dcefd6b1f456b false
                                                              		high
                                                              https://cce-signviadocs.com/captcha/style.css false
                                                                		unknown